Prev: Windows Xp Reboot alone
Next: black screen asking how to open computer
From: VanguardLH on 12 Jul 2010 12:04
a wrote:

> John John ...
>
>> a wrote:
>>
>>> I usually run my PC as Administrator which I now know is dangerous,
>>> as it can let malware in and play with the system more easily. So
>>> I want to create a limited User account instead, but all my settings
>>> are under the Admin profile (eg. Quick Launch icons, file associations,
>>> and so on).
>>>
>>> Is there an easy way to migrate these to the User account, so that when
>>> I log in as User, my desktop is the same, icons are the same, etc?
>>
>> Copy the user profile to the new user.
>>
>> To copy a user profile
>> http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sysdm_userprofile_copy.mspx?mfr=true
>
> No good, the "Copy To" button for the Administrator account is disabled,
> so I can't perform Step 3 at the URL you quoted above. :(

You cannot copy the userprofile of the account on which you are logged.
That means you must not be logged on the userprofile you are copying
from or the userprofile that you are copying to. You need to use a 3rd
"intermediary" account that does the copying.

You should have an alternate admin-level account, anyway, and NEVER use
the Administrator account (not even to install programs) except in
emergencies. Create a second admin-level account and always use that
one for your admin tasks. Use a 3rd account on which you login to copy
the source userprofile to the target userprofile.

However, for there to be a target userprofile means you must have logged
in at least once to that new account. The userprofile doesn't get
generated until you login the first time. After creating the limited
account, log onto it. That creates its userprofile path and definition
in the registry. Then logoff that limited account, log onto your
alternate (but now primary) admin-level account and copy your old admin
userprofile atop your *existing* limited userprofile.

By the way, what is important is that you run the vulnerable programs
(used as infection vectors into your host) under a LUA token. The LUA
(limited user account) token reduces the privileges on the process to be
the same as if you had logged under a limited account and ran that
program. The web browser is probably the highest targeted infection
vector into your host. You can still logon under your admin-level
account but run the web browser under a LUA token to have all the same
safety that you get when running that web browser while logged on under
a limited account. So you don't have to give up using your admin-level
account (which should still NOT be the Administrator account but a
different admin-level account) just to have the safety of limited
privileges on your web browser. While there are 3rd party software that
lets you restrict a program to run under a LUA token, you can do that
using SRPs (software restriction policies) already provided in Windows
XP; however, it requires adding a "Basic" account under which to run a
program which is not defined by default in Windows XP. If you want to
use your admin-level account but protect yourself by limiting the
privileges on your web browser, I can tell you how to do that using SRPs
already available in Windows XP. Once you do it the first time, you'll
see how easily it is to do for other programs, like for other web
browsers that you install, a newsreader (NNTP client), or for your
e-mail program. It is not required to log under a limited account to
limit the privileges allowed for a program.
From: a on 12 Jul 2010 12:58
Thanks for your long answer (and to Pegasus, too!). :)

Okay, it's late here now so I will add a new admin account tomorrow
and try again. Hopefully it'll all work! Does it also mean that all
apps installed will have their Registry settings copied across, too?
Or is it literally just the basics like my "Documents and Settings"
folder? I was kind of hoping I could copy everything and just boot
up as Limited with all my apps still running, too. I fear not?


From: Pegasus [MVP] on 12 Jul 2010 13:24


"a" <b(a)invalid.com> wrote in message news:4c3b4a0f(a)dnews.tpgi.com.au...
> Thanks for your long answer (and to Pegasus, too!). :)
>
> Okay, it's late here now so I will add a new admin account tomorrow
> and try again. Hopefully it'll all work! Does it also mean that all
> apps installed will have their Registry settings copied across, too?
> Or is it literally just the basics like my "Documents and Settings"
> folder? I was kind of hoping I could copy everything and just boot
> up as Limited with all my apps still running, too. I fear not?

Copying a profile is equivalent to cloning an account.
From: VanguardLH on 13 Jul 2010 01:57
a wrote:

> Thanks for your long answer (and to Pegasus, too!). :)
>
> Okay, it's late here now so I will add a new admin account tomorrow
> and try again. Hopefully it'll all work! Does it also mean that all
> apps installed will have their Registry settings copied across, too?
> Or is it literally just the basics like my "Documents and Settings"
> folder? I was kind of hoping I could copy everything and just boot
> up as Limited with all my apps still running, too. I fear not?

Did you install the app(s) for all users? Or just for your own account?
From: a on 13 Jul 2010 09:14
"Pegasus [MVP]" <news(a)microsoft.com> wrote

>> Okay, it's late here now so I will add a new admin account tomorrow
>> and try again. Hopefully it'll all work! Does it also mean that all
>> apps installed will have their Registry settings copied across, too?
>> Or is it literally just the basics like my "Documents and Settings"
>> folder? I was kind of hoping I could copy everything and just boot
>> up as Limited with all my apps still running, too. I fear not?
>
> Copying a profile is equivalent to cloning an account.

Good to know!


First  |  Prev  |  Next  |  Last
Pages: 1 2 3 4
Prev: Windows Xp Reboot alone
Next: black screen asking how to open computer